Re: using aggr interface instead of trunk
> On 14 May 2020, at 4:22 pm, mabi wrote: > > Hi Iain, > > ‐‐‐ Original Message ‐‐‐ > On Wednesday, May 13, 2020 7:55 PM, Iain R. Learmonth wrote: > >> More details are at:https://marc.info/?l=openbsd-cvs=156229058006706=2 > > I actually already read that one after seeing the announcement on > undeadly.org iirc ;) > >> Assuming you mean trunk, not tun, yes. > > Right, thanks for spotting that, I meant trunk of course. > >> I don't see mention of any aggr fixes in the 6.7 changelog, so I guess it >> didn't have any disasters in it. Others are using it on production systems. > > Nice to hear that, I will give it a shot as soon as I upgrade to 6.6 my HA > CARP cluster of two OpenBSD firewalls. I might first try using it on one of > the two firewalls so that I can easily switch to the other firewall in any > case of issue. I would wait for 6.7 before using aggr(4) in production. Considering 6.7 is out now, there's no reason not to use it instead of 6.6. dlg
Re: using aggr interface instead of trunk
Hi Iain, ‐‐‐ Original Message ‐‐‐ On Wednesday, May 13, 2020 7:55 PM, Iain R. Learmonth wrote: > More details are at:https://marc.info/?l=openbsd-cvs=156229058006706=2 I actually already read that one after seeing the announcement on undeadly.org iirc ;) > Assuming you mean trunk, not tun, yes. Right, thanks for spotting that, I meant trunk of course. > I don't see mention of any aggr fixes in the 6.7 changelog, so I guess it > didn't have any disasters in it. Others are using it on production systems. Nice to hear that, I will give it a shot as soon as I upgrade to 6.6 my HA CARP cluster of two OpenBSD firewalls. I might first try using it on one of the two firewalls so that I can easily switch to the other firewall in any case of issue.
Re: using aggr interface instead of trunk
Hi, On 13/05/2020 13:10, mabi wrote: > I am currently running OpenBSD 6.5 as firewall with two ix interfaces inside > a trunk interface with LACP protocol. On top of that I have a few vlan > interfaces so it's basically (ix -> trunk -> vlan). > > Now I saw that OpenBSD has a new interface specifically for LACP which is > called aggr. As I will soon be upgrading to OpenBSD 6.6 I was wondering if it > is the right time to switch from trunk to the new aggr interface? More details are at: https://marc.info/?l=openbsd-cvs=156229058006706=2 > From what I understand the new aggr interface has mainly 2 advantages: it is > multi-processor safe and it should be faster than the tun interface. Is this > correct? Assuming you mean trunk, not tun, yes. > And last point because aggr is pretty new, is it already safe to use it for a > production firewall? I don't see mention of any aggr fixes in the 6.7 changelog, so I guess it didn't have any disasters in it. Others are using it on production systems. Thanks, Iain. -- https://hambsd.org/
using aggr interface instead of trunk
Hello, I am currently running OpenBSD 6.5 as firewall with two ix interfaces inside a trunk interface with LACP protocol. On top of that I have a few vlan interfaces so it's basically (ix -> trunk -> vlan). Now I saw that OpenBSD has a new interface specifically for LACP which is called aggr. As I will soon be upgrading to OpenBSD 6.6 I was wondering if it is the right time to switch from trunk to the new aggr interface? >From what I understand the new aggr interface has mainly 2 advantages: it is >multi-processor safe and it should be faster than the tun interface. Is this >correct? And last point because aggr is pretty new, is it already safe to use it for a production firewall? Best regards, Mabi